This is a summary of VAOX/ECOS and GMS/Orchestrator software features and the version from which they were added.
▶ Features by VXOA software release
- ECOS 9.0
• Advanced Segmentation (VRF)
• Secure Shell Access
• Enhanced Multicast Support
• Improved Software Upgrade Stability
• Enhancements to Disabled Subnet Sharing via IP SLA
• Custom Tags in YAML Preconfig
• IPSec Anti-Replay Improvements to support a window size of up to 64K
• Multiple Domain Matches in DNS Cache• Port Flexibility for Bonding
- ECOS 8.3
• Remote IP Logged for TACACS+ and RADIUS
• (8.3.0.4) - The spsadmin account has been removed.
• (8.3.0.4) - Appliances can now be configured to reject self-signed certificates. This feature addresses CVE-2020-12143 and CVE-2020-12143.
• (8.3.0.4) - A new IKE-less seed distribution mechanism is now supported in ECOS. This feature addresses CVE-2020-12142.
• (8.3.0.4) - API changes have been made to restrict traversal of other directories, limiting access to sensitive data.
• (8.3.1.0) - Changes have been made that greatly reduce or eliminate the possibility of a cross-site forgery request (CSRF) on the appliance.
• (8.3.1.0) - Support for 25 Gbps fiber interface cards in the EC-XL appliance.
• (8.3.1.0) - Added a new custom bonding option that performs load-balancing based on tunnel capacity.
• (8.3.1.0) - Added a new link bonding option that supports user-configurable link prioritization and traffic steering/load balancing policies.
• (8.3.1.0) - IPSec anti-replay window protection has been enhanced to support window size of up to 64K.
• (8.3.1.0) - Traceroute is now supported across stateful-SNAT firewall type, across allow-all type with NAT configured, as well as across EdgeHA links.
• (8.3.1.0) - The Top Applications report now excludes Silver Peak control (non-user) traffic.
• (8.3.1.0) - Ping IPSLA monitor has been enhanced to include loss/latency measurements and thresholds.
• (8.3.1.0) - Ping IPSLA can now be directed into a 3rd party IPSec or GRE tunnel.
• (8.3.1.0) - EC-V now supports up to 32 interfaces along with auto-mac configuration.
• (8.3.1.0) - IPv6 DHCP is now supported on WAN interfaces.
• (8.3.1.0) - The internet breakout feature has been enhanced, enabling selection of the best quality internet link for local break-out based on user-defined criteria.
- VXOA 8.2
• Branch NAT
• Multi-Region Subnet Sharing
• IPSec Service Chaining IKEv2
• BGP over IPSec
• Multicast GUI Support
• BGP Configuration of Source Address
• (8.2.1) - Route Filtering
• (8.2.1) - IPFIX Enhancements
• (8.2.1) - LAN-side VTI
• (8.2.1) - Dead Peer Detection (DPD) for IPSec Service Chaining
• (8.2.1) - Application Inference Engine
- VXOA 8.1
• Enhanced Application Visibility
• BGP Routing
• Interface bonding on 10Gbps ports
• IPv6 UPD, GRE and IPSec tunnels
• SHA-2 Hash for IPSec
• Extended DHCP Server Options
• SNMPv3 Enhancements
• Custom HTTPS certificate support for appliance management
• Flow redirection on any configured physical interface
• Return passthrough traffic to L2 sender
• (8.1.3) Fine grained control of management traffic
• (8.1.4) DNS Application Classification Enhancement
• (8.1.4) Internet Breakout with Stateful Firewall and NAT
• (8.1.5) IP SLA tracking
• (8.1.5) PPPoE Interfaces
• (8.1.5) Redesigned Configuration > Interfaces page
• (8.1.5) Improved Application Classification by Port
• (8.1.5) Per-Flow Maximum Rate Control
• (8.1.5.3) EC-US Appliance Support
• (8.1.5.3) Modified High Efficiency Bonding
• (8.1.6) Edge High Availability
• (8.1.6) IPSec UDP Overlays (IKEless tunnels)
• (8.1.6) Mini License (supports up to 50mbps)
• (8.1.6) Configurable BGP Parameters (Local Preference • MED (Multi-Exit Discriminator) • AS Prepend Count • Keep Alive Timer • Hold Timer)
• (8.1.6) Configurable Interface for SAAS Probes
• (8.1.7) IPv6 Support for Inline Router Mode
• (8.1.7) BGP Enhancements (Soft reset • Input Metric • Communities)
• (8.1.7) Inbound Port Forwarding
• (8.1.7) Shaper Enhancements (Rebalance)
• (8.1.7) TCP MSS Clamping for Internet Breakout
• (8.1.7) Flow Redirection on WAN Interfaces
• (8.1.7) TCP Acceleration for IPv6
• (8.1.7) Cloud-Init Support
• (8.1.7) OSPF (Beta)
• (8.1.8) Zone Based Firewall
• (8.1.8) 3rd party IPSec Tunnels
• (8.1.8) IPFIX
• (8.1.8) IP SLA Enhancements
- VXOA 8.0
• Business Intent Overlays
• Deployment Profiles
• Packet-Based Dynamic Path Control (DPC) or Bonded Tunnels
• Built-in DHCP server and relay
• Inbound QoS
• Support for IPv6 PBR deployments
• (8.0.3) - Support for additional hardware appliance part numbers
- VXOA 7.3
• Support for the Unity EdgeConnect XS and V.
• Current Flows tab can report on flows that are experiencing slow LAN-side performance.
• Reset non-accelerated TCP connections.
• DRC configuration now available on web interface: Configuration > Shaper
• (7.3.1) - Support for the Unity EdgeConnect L, XL
• (7.3.2) - Support for the Unity EdgeConnect S
• (7.3.3) - Fast fail (sub-second failover) for Dynamic Path Control (DPC)
• (7.3.3) - Support for the Unity EdgeConnect M
▶ Features by GMS/Orchestrator Software Release
- Orchestrator 9.0
• Increased Retention for New Daily Stats, now 3 months.• Advanced Segmentation (VRF)• YAML Preconfig Support for Routing Segmentation• YAML Preconfig Supports Custom Tags• Secure Shell Access• SAML 2.0 Integration• Enhanced Authentication Between Orchestrator and Cloud Portal• Allowed External IPs in Cloud Orchestrator• Live Troubleshooting for Down Tunnels
- Orchestrator 8.10
• Intelligent Upgrades
- Orchestrator 8.9
• IKE-less Seed Distribution To address CVE-2020-12142• Portal Migration Wizard The Orchestrator• Auto-prune Tunnels from Removed Appliances• Improved Response Times for Top ‘X’ Charts• Support for New Alarm: Insufficient Bandwidth for Tunnels• OAuth 2.0 Support for Identity Access Management (IAM)• (8.9.2) - Disable Self-signed Certificates To address CVE-2020-12143 and CVE-2020-12144• (8.9.2) - Loopback Orchestration
- Orchestrator 8.8
• PPPoE in preconfiguration• Loopback & VTI in preconfig• Ikev2 enhancements• Reset flows confirmation• BGP ASN and Local communities• Maintenance Mode• Notification Banner• Tunnels to Hubs in other region• DHCP Failover• Bandwidth tier licensing• (8.8.3) IPFIX UI Enhancements• (8.8.3) Increased Capacity for Inbound Port Forwarding Rules, up to 100• (8.8.3) Route Map Enhancements• (8.8.3) Microsoft Virtual WAN Orchestration (beta)• (8.8.3) Zscaler Orchestration to support load balancing of IPSec tunnels and support for new geo-location APIs• (8.8.3) Check Point Integration
- Orchestrator 8.7
• Branch NAT• DHCP relay per VLAN• Source address for BGP• ACL Policy enhancement• Display peer role (hub/spoke) in routes• Added capability to configure the logging level for implicit firewall drop between zones.• Loopback interfaces in Appliance Wizard• VTI and Loopback Interfaces• Redesigned BIO and regional overlays• Realtime updates from Microsoft Office 365• Role based access• Alarm Suppression• TACACS and RADIUS enhancements. Support “Remote only” and “Local if Remote Unavailable”
- Orchestrator 8.6
• Multicast routing• Firewall rule logging• Tech Support - Orchestrator tab improvement. Files can now be downloaded to the Orchestrator first• Routes Tab Filter• Flows tab improvements - new filters:Overlay and Transport filters, Flow characteristics, • Duration filters, Include built-in and HA, and various other checkboxes• Zscaler Orchestration• Support Any Protocol in Inbound Port Forwarding• Verify Email Address optional if Orchestrator is configured with a custom SMTP server• Regions Tab• License revocation and grant support for metered license model• Firewall logging for Security Policies
- Orchestrator 8.5
• Orchestrator has been redesigned to handle large networks.• MOS Statistics• Define Custom severity for Alarms• Delay Alarm Emails• Backup Orchestrator to HTTPS or SFTP servers as well as FTP, HTTP and SCP• Pre-Configuration using YAML files in Orchestrator before Zero Touch Provisioning occurs.• HTTP/HTTPS IPSLA ping monitors• IPFIX support• Wild Card Based prefix Matching in Policies• Block Network Orchestation via Cloud Portal• Preconfiguration• Allow ECDSA certificates for Saas• Health map sorting• 'Find Preferred Route' dialog available when editing Configuration > Routes• Configurable Statistics Retention• Overlapping LAN side subnets• Support IPv6 internal subnets on the Business Intent Overlay page• Configurable tunnel alarm aggregation• Notes for interfaces on Deployment page• Boost Trends report• Software Versions tab redesigned• Preconfiguration Passthrough Tunnels and Flow Redirection• IP Directed Broadcast available in templates• Nonaccelerated TCP Inactivity Timeout available in System template• New routes states that indicate peer’s role as Hub or Spoke• BGP Graceful restart• Zone based Firewall Statistics• Suppress Tunnel creation using Tunnel Exceptions tab• (8.5.2) Orchestration ETA progress and prioritization
- Orchestrator 8.4
• Overlay ACL• Maximum Orchestrator backups to retain now configurable• RMA Wizard• Upgrade appliances via Configuration Wizard• Tree filters• Transceiver information for EC-M-B and EC-M-P models SFP interfaces• Admin up/down datapath interfaces• Account key protection• IP/Port wildcard pattern match• IPFIX Flow Export• IPSLA HTTP Ping• Enable / Disable Default DNS Lookup• Auto-MTU Discovery Scheduler• Interface Dynamic Rate Control• Compound Applications• IPSec Pass-Through Tunnels
- Orchestrator 8.3
• Overlay Region Support• Orchestration of Templates (Groups)• Inbound Port Forwarding Orchestration• Cross Connect Grouping• (8.3.3) OSPF support• (8.3.3) Interface Bandwidth Summary report• (8.3.3) Orchestrator in-place upgrade (no revert to previous Orch version from this point on)• (8.3.3) Appliance Flow Trends tab enhancements• (8.3.3) Authentication protocols for TACACS and RADIUS• (8.3.3) Alarms in CSV format• (8.3.3) CLI shell from UI• (8.3.3) Remote assistance• (8.3.3) TCP MSS clamping• (8.3.6) Unreachable appliances are now shown grey in the tree• (8.3.6) Network Manager role deprecated• (8.3.6) Saas ping interface configurable• (8.3.6) Configurable VLAN for Edge HA• (8.3.6) Pause Orchestration
- Orchestrator 8.2
• IPSec UDP overlays• Packets per second trends tab• Tech Support improvements (appliance and Orchestrator tabs)• Orchestrator system dump• Application Visibility and Classification (AVC)• Edge Connect High Availability HA Support• Controlling statistics collection• IP Whitelist
- Orchestrator 8.1
• Improved Health Dashboard• Dynamic Topology Geomap• Live View• Traceroute support in the GUI• Policy maps enhancements• BGP support• Flow tab enhancement• Top Talkers, domains, countries and ports• Tunnel Bandwidth, DSCP, Jitter and Traffic Class Pie Charts• Appliance Flow, DSCP, QoS and Jitter Trends• Scheduled reports improvements• HTTPS Certificates Upload template• Custom SSL certificate for Orchestrator UI• Geo location support for Discovered Appliances tab• Deployment configuration tab improvements• DHCP leases by appliance• Built-in applications• Overlay Manager controls• Overlay boost button improvement
- Orchestrator 8.0
• Health Dashboard• Deployment Profiles• Overlay Topology• Tunnel charts per overlay• Labels (VXOA 8.0)• Tunnel Groups replace Tunnel Builder (VXOA 6.2.11)• Shaper, policy and ACL template support (VXOA 8.0)• Registration removed from Cloud Portal template (VXOA 7.0)• VRRP Template (VXOA 6.2.11)• Tunnel templates now support fast fail threshold (VXOA 7.3.3)• New Shaper report (VXOA 8.0)• Consolidated Audit Log tab• Appliance Configuration backup (VXOA 6.2.11)• New Deployment report• Bulk import subnets from .csv now supported
- Orchestrator 7.3 (EoL)
• Appliance discovery (VXOA 6.2.11)• Tunnel summary report• Scheduled group reboot/shutdown• Scheduled group QoS map activation• SMTP settings dialog• Scheduled timezone dialog• Third party licenses page• Silver Peak appliances licenses page• Cloud Portal registration template (VXOA 7.2)• SaaS Optimization template (VXOA 7.2)• CLI template (VXOA 6.2.11)
- GMS 7.2 (EoL)
• HTML email reports (VXOA 6.2)• Appliance discovery (VXOA 6.2.10)• Alarms via email• Time based QoS (VXOA 6.2)• GMS Backup• Historical Jobs• VMware vROps Integration (VXOA 6.2.10)• New charts added• New templates added• New configuration reports added• REST API
No comments:
Post a Comment